We're currently using a raft of APIs which trigger deprecation
warnings, so add OPENSSL_API_COMPAT to the command line for openssl-3
to cause them not to break the build.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
AKASHI Takahiro (1):
sbsign: allow for adding intermediate certificates
James Bottomley (8):
sbverify: fix verification with intermediate certificates
Tests: Add intermediate certificate tests to the sign-verify cases
Fix some openssl 1.1.0 deprecated functions
sbvarsign: remove unused global variable
sbverify: refer to unused function
Fix errors on 32 bit
Enable -Werror for builds
docs: add man page for sbkeysync
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
James Bottomley (1):
README: update git location and add mailing list information
Laszlo Ersek (1):
sbvarsign: fix "EFI_VARIABLE_AUTHENTICATION_2.TimeStamp.Year" assignment
Steve McIntyre (1):
Fix PE/COFF checksum calculation
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Fix fedora build
Fix variable signing for current tianocore
Fix image processing not to invalidate existing signatures
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This version builds correctly on openssl 1.1 and also includes
functional autotests for every architecture.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
The current test infrastructure is tied to x86/amd64. This means the
tests always fail on a non-x86 architecture (like aarch64). Fix this
by generating the efi binary directly from C code and removing the
architectural restrictions in the Makefile.am. One of the
consequences of this is that we no longer test ia32 on x86_64, but the
difficulty of detecting which architectures can support 32 bit
variants and generating them correctly from EFI c code is too great.
We also need to exclude tests involving objdump from aarch64 since its
bfd still doesn't have an efi_app_aarch64 target.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
arm has a variety of uname -m forms, all beginning with arm, so use
this to determine the EFI architecture
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
We need bfd.h for the image object, so add a check for it in
configure.ac.
Signed-off-by: Ivan Hu <ivanh.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
$(builddir) should be $(top_builddir), and we need a valid definition of
MKDIR_P to create the docs.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add autoconf & automake metadata, plus required files for automake to
run without complaint.
Requires an update to ccan, to get the --build-type argument to
create-ccan-tree.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>